Protection Mechanism Failure (CWE-693)

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations: Missing a protection mechanism, using a faulty protection mechanism, or incorrectly applying a protection mechanism. A missing protection mechanism occurs when the application does not defend against a specific attack. A faulty protection mechanism occurs when the application does defend against a specific attack, but the protection mechanism is not implemented correctly.

Prévalence

Élevée

Fréquemment exploitée

Impact

Élevé

1 règles de sévérité élevée

Prévention

Documentée

8 exemples de correctifs

2 Prévention

Comment corriger cette vulnérabilité

Stratégies de prévention pour Protection Mechanism Failure basées sur 8 règles de détection Shoulder.

🐳 Docker Tout voir Docker détails →

Missing Healthcheck Configuration LOW

Add a HEALTHCHECK instruction to enable container health monitoring

+2 -0 dockerfile

  FROM node:24-alpine
  WORKDIR /app
  COPY . .
  EXPOSE 3000
+ HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
+   CMD curl -f http://localhost:3000/health || exit 1
  CMD ["node", "server.js"]

🐹 Go Tout voir Go détails →

Chi Missing Security Headers MEDIUM

Add security headers middleware to Chi router

+12 -2 go

  package main
  
  import (
      "net/http"
      "github.com/go-chi/chi/v5"
  )
  
- func main() {
-     r := chi.NewRouter()
+ func securityHeaders(next http.Handler) http.Handler {
+     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+         w.Header().Set("X-Frame-Options", "DENY")
+         w.Header().Set("X-Content-Type-Options", "nosniff")
+         w.Header().Set("X-XSS-Protection", "1; mode=block")
+         next.ServeHTTP(w, r)
+     })
+ }
+ 
+ func main() {
+     r := chi.NewRouter()
+     r.Use(securityHeaders)
      r.Get("/", homeHandler)
      http.ListenAndServe(":8080", r)
  }

Echo Missing Security Headers MEDIUM

Add Echo Secure middleware to set security HTTP headers

+13 -4 go

  package main
  
- import "github.com/labstack/echo/v4"
- 
- func main() {
-     e := echo.New()
+ import (
+     "github.com/labstack/echo/v4"
+     "github.com/labstack/echo/v4/middleware"
+ )
+ 
+ func main() {
+     e := echo.New()
+     e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
+         XFrameOptions:         "DENY",
+         ContentTypeNosniff:    "nosniff",
+         XSSProtection:         "1; mode=block",
+         ContentSecurityPolicy: "default-src 'self'",
+     }))
      e.GET("/", homeHandler)
      e.Start(":8080")
  }

Fiber Missing Security Headers MEDIUM

Add Fiber Helmet middleware to set security HTTP headers

+8 -4 go

  package main
  
- import "github.com/gofiber/fiber/v2"
- 
- func main() {
-     app := fiber.New()
+ import (
+     "github.com/gofiber/fiber/v2"
+     "github.com/gofiber/fiber/v2/middleware/helmet"
+ )
+ 
+ func main() {
+     app := fiber.New()
+     app.Use(helmet.New())
      app.Get("/", homeHandler)
      app.Listen(":3000")
  }

🟨 JavaScript Tout voir JavaScript détails →

Security Headers in Express.js HIGH

Add Helmet middleware to set security headers automatically

+4 -1 javascript

  const express = require('express');
- const app = express();
+ const helmet = require('helmet');
+ const app = express();
+ 
+ app.use(helmet());
  
  app.get('/', (req, res) => {
    res.send('<h1>Hello</h1>');
  });

3 Détection

Trouvez les vulnérabilités dans votre code

Utilisez Shoulder pour scanner votre code à la recherche de patterns Protection Mechanism Failure. 8 règles.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=693

# Or scan entire project
npx @shoulderdev/cli trust .

Règles de Détection (8)

🐹 Go 6 rules

Chi Missing Security Headers MEDIUM

Chi application missing security HTTP headers middleware.

Echo Missing Security Headers MEDIUM

Echo application missing security HTTP headers middleware.

Fiber Missing Security Headers MEDIUM

Fiber application missing security HTTP headers middleware.

Gin Missing Security Headers MEDIUM

Gin application missing security HTTP headers middleware.

Gorilla Missing Security Headers MEDIUM

Gorilla Mux application missing security HTTP headers middleware.

Missing HTTP Security Headers MEDIUM

HTTP responses lack security headers like X-Frame-Options or Content-Security-Policy.

🐳 Dockerfile 1 rules

Missing Healthcheck Configuration LOW

Detects Dockerfiles missing HEALTHCHECK instructions for container monitoring.

🟨 Javascript 1 rules

Security Headers in Express.js HIGH

Detects missing security headers middleware (Helmet) to prevent XSS, clickjacking, and MIME sniffing.

🔷 Typescript 1 rules

Security Headers in Express.js HIGH

Detects missing security headers middleware (Helmet) to prevent XSS, clickjacking, and MIME sniffing.

4 Signes d'Alerte

Ce qu'il faut surveiller lors des revues de code

Ces patterns indiquent des vulnérabilités potentielles Protection Mechanism Failure. Recherchez-les lors des revues de code et des audits de sécurité.

🟠

Application lacks security headers middleware (helmet, CSP, HSTS, X-Frame-Options, etc.). Without these headers, the app javascript-express-security-headers

🟠

missing security headers middleware (Helmet) to prevent XSS, clickjacking, and MIME sniffing javascript-express-security-headers

🟡

Gin application missing security headers middleware go-gin-missing-helmet

🟡

Application lacks important security headers go-missing-security-headers

🔵

Dockerfile has no HEALTHCHECK instruction for container health monitoring docker-missing-healthcheck

🔵

Dockerfiles missing HEALTHCHECK instructions for container monitoring docker-missing-healthcheck

🔍

Scannez votre base de code pour Protection Mechanism Failure

Shoulder CLI trouve les motifs vulnérables dans toute votre base de code.

npx shoulder trust Parcourir toutes les règles